The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL on hostname

Discussion in 'General Discussion' started by maokob, Apr 23, 2005.

  1. maokob

    maokob Member

    Joined:
    Jan 20, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    How can I install SSL cert on server's hostname?

    I know how to install SSL cert on domains hosted on the server. but not sure about on hostname.
    Is it the same procedure as hosted domains?

    like, you generate the SSL cert and signing request with your hostname and so on....

    If you have installed SSL cert on your hostname, please tell me how you did it.

    Thank you in advance.
     
  2. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    You should not use the host name of the server for anything other than the setup. cPanel/WHM uses a self signed certificate to secure all access to the control panel, trying to use the host name of the server to run a website or for any other purpose may conflict with the setup of the server.

    If you want to offer Shared SSL then get yourself another domain, anonymous domain name if you prefer and set it up with a certificate. Let your customers access the shared certificate with http://anonymousdomain.com/~accountname/ .

    Note that by allowing users to access their sites this way any bandwidth used will be put on the domain being used to access the site ie. the anonymousdomain.com.

    If you have mod_userdir Tweak enabled to stop this you can exclued the account used for the shared SSL to enable it to be used in this fashion.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Unless of course you're just talking about using a CA signed certificate for secure WHM/cPanel access for the hostname. In that case you can certainly generate a CSR (WHM > Generate a SSL Certificate and Signing Request) and then install it in WHM > Change cPanel/WHM Certificate
     
  4. maokob

    maokob Member

    Joined:
    Jan 20, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Thank you both Trigger & chirpy for your reply.

    The reason I want to install SSL cert on hostname is because I want to offer secure POP3 connection for my clients.

    So, if my hostname is "server.domain.com"
    Then I just Generate a SSL Certificate and Signing Request with the domain name "server.domain.com" and install it in WHM's Change cPanel/WHM Certificate.

    Is it right?

    How about IP address?
    Don't I need to assign IP address for "server.domain.com" as it needs a dedicated IP address?

    Thank you.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yup, that's how you would do it.

    The dedicated IP would have to be the main IP for the server, so you need to ensure that you don't have a client hosted on the main IP with an SSL certiciate already installed.
     
  6. maokob

    maokob Member

    Joined:
    Jan 20, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Thank you very much. chirpy :)
     
  7. maokob

    maokob Member

    Joined:
    Jan 20, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    I installed SSL on hostname as I was adviced.
    everything seems to have gone well.
    now I can access whm,cpanel via SSL.
    Thanks for that.

    But I can not access as

    https://hostname.domain.com/~usrname/.

    I want to offer a shared SSL access for my clients as well.

    Am I missing something?

    Please help me.
     
  8. RAIS2

    RAIS2 Well-Known Member

    Joined:
    Jul 16, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Already answered.
    additionally you can create a subdomain account ( ie. secure.yourdomain.com ), give it a dedicated IP and set that up for shared SSL useage.

    Hope That Helps.
     
  9. maokob

    maokob Member

    Joined:
    Jan 20, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
  10. RAIS2

    RAIS2 Well-Known Member

    Joined:
    Jul 16, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    As Trigger stated, it is not a good Idea to use the server hostname for shared SSL. It should only be used for cPanel.

    When a user types in the IP ( or hostname.domain.com ) as the URL of the shared IP for the server it comes up `No Website Configured At this Address`, however when you dedicate an IP to an account and type the IP it will show the contents of the account that is on the dedicated IP

    This is a part of the reason WHY you shouldnt use the hostname as a shared SSL location.
     
  11. maokob

    maokob Member

    Joined:
    Jan 20, 2004
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Hi.

    I've changed that default index page(No Website Configured At this Address) to my own template. so there is no worry about that.

    Do you have any idea how I can do that?
     
  12. Drew Nichols

    Drew Nichols Well-Known Member

    Joined:
    May 5, 2003
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    SC
    Did anyone ever figure this out? I've got what I think is the proper httpd config setup in httpd.conf but no luck.
     
  13. marcadrian

    marcadrian Member

    Joined:
    Apr 7, 2005
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    https://hostname.com/~user

    Yes I worked it out..

    Your second entry in httpd.conf should look like:

    <IfDefine SSL>
    <VirtualHost 210.x.x.x:443>
    DocumentRoot /usr/local/apache/htdocs
    ServerName server.blah.com
    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/server.blah.com.au.crt
    SSLCertificateKeyFile /usr/share/ssl/private/server.blah.com.au.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>

    now the tricky bit is finding the actual key and crt! You can find them in:

    /usr/local/cpanel/etc/mycpanel.pem

    Both the key and cert are in that file. Just copy and paste them seperately into the files you have defined with SSLCertificateFile and SSLCErtificateKeyFile

    I am yet to find a good reason why not to use SSL on the hostname. I wish someone would give us an explanation instead of just saying "its bad!"
     
  14. Drew Nichols

    Drew Nichols Well-Known Member

    Joined:
    May 5, 2003
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    SC
    Thanks for updating the thread. I ended up finding that solution and meant to do the same.
     
  15. Bakadesu

    Bakadesu Member

    Joined:
    Feb 11, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    After I did this, seems that private SSL's (dedicated IP) don't work and redirect to the DocumentRoot /usr/local/apache/htdocs

    Is it possible to do both?
     
  16. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar
    Just got a new server and the server already use self sign certificate for WHM but use provider hostname not use my hostname.

    So everytime try to login using https://host.domain.com:2087 on Certificate Warning shows that the certificate belongs to provider.domain.com not host.domain.com which is my hostname.

    I do what Chirpy said but still when login to WHM shows provider.domain.com as the owner of certificate.

    How to change this ? It seems chirpy way not work for me
     
    #16 isputra, May 16, 2006
    Last edited: May 16, 2006
  17. Drew Nichols

    Drew Nichols Well-Known Member

    Joined:
    May 5, 2003
    Messages:
    96
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    SC
    So when you install the certificate under "Change Server Certificates" and "Install a SSL Certificate and Setup the Domain" are you getting any errors? Just to be sure: did you generate a CSR from the server and go buy a certificate somewhere?
     
  18. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar
    I did not have any error when proccess the certificate.

    I don't buy real certificate, i just want to use self sign certificate to access to WHM.

    Like i said, if i go to WHM using https it will shows my provider hostname as the owner of certificate.

    I want to show my own hostname not my provider hostname.
     
  19. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar
    anyone ? is there any help for me ?
     
  20. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar
    Reset Server Certificates ---> still not change

    Generate a SSL Certificate and Signing Request and then Change Server Certificates ---> still not change

    Searching using SSH to locate old hostname certificate but none.

    So i guess this server is a unique server because i can't change WHM/Server certificate what ever i do to change it.

    Please help
     
Loading...

Share This Page